Policy.ReadWrite.AuthenticationMethod
Allows the app to read and write the authentication method policies, on behalf of the signed-in user.
Graph Methods
Type: A = Application Permission, D = Delegate Permission
| Ver |
Type |
Method |
| V1 |
A,D |
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/email |
| V1 |
A,D |
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2 |
| V1 |
A,D |
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator |
| Beta |
D |
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/passwordlessMicrosoftAuthenticator |
| Beta |
A,D |
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/sms |
| Beta |
A,D |
DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/TemporaryAccessPass |
| V1 |
A,D |
GET /policies/authenticationMethodsPolicy |
| V1 |
A,D |
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2 |
| V1 |
A,D |
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator |
| Beta |
D |
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/passwordlessMicrosoftAuthenticator |
| Beta |
A,D |
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/sms |
| Beta |
A,D |
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/TemporaryAccessPass |
| Beta |
D |
GET https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/email |
| V1 |
A,D |
GET https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/email |
| V1 |
A,D |
PATCH /policies/authenticationMethodsPolicy |
| V1 |
A,D |
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/email |
| V1 |
A,D |
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/fido2 |
| V1 |
A,D |
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator |
| Beta |
D |
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/passwordlessMicrosoftAuthenticator |
| Beta |
A,D |
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/sms |
| Beta |
A,D |
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/TemporaryAccessPass |
| Beta |
A,D |
PATCH /policies/b2cAuthenticationMethodsPolicy |
Delegate Permission
|
|
| Id |
7e823077-d88e-468f-a337-e18f1f0e6c7c |
| Consent Type |
Admin |
| Display String |
Read and write authentication method policies |
| Description |
Allows the app to read and write the authentication method policies, on behalf of the signed-in user. |
Application Permission
|
|
| Id |
29c18626-4985-4dcd-85c0-193eef327366 |
| Display String |
Read and write all authentication method policies |
| Description |
Allows the app to read and write all authentication method policies for the tenant, without a signed-in user. |
Resources
| Property |
Type |
Description |
| id |
String |
The policy name. |
| state |
authenticationMethodState |
The state of the policy. Possible values are: enabled, disabled. |
| Property |
Type |
Description |
| description |
String |
A description of the policy. Read-only. |
| displayName |
String |
The name of the policy. Read-only. |
| id |
String |
The identifier of the policy. Inherited from entity. |
| lastModifiedDateTime |
DateTimeOffset |
The date and time of the last update to the policy. Read-only. |
| policyVersion |
String |
The version of the policy in use. Read-only. |
| registrationEnforcement |
registrationEnforcement |
Enforce registration at sign-in time. This property can be used to remind users to set up targeted authentication methods. |
| Property |
Type |
Description |
| id |
String |
The id of the B2C authentication methods policy. This is a read only property and the key. |
| isEmailPasswordAuthenticationEnabled |
Boolean |
The tenant admin can configure local accounts using email if the email and password authentication method is enabled. |
| isUserNameAuthenticationEnabled |
Boolean |
The tenant admin can configure local accounts using username if the username and password authentication method is enabled. |
| isPhoneOneTimePasswordAuthenticationEnabled |
Boolean |
The tenant admin can configure local accounts using phone number if the phone number and one-time password authentication method is enabled. |
| Property |
Type |
Description |
| id |
String |
The authentication method policy identifier. Inherited from authenticationMethodConfiguration. |
| state |
authenticationMethodState |
Indicates whether this authentication method is enabled or not. Possible values are: enabled, disabled. |
| allowExternalIdToUseEmailOtp |
externalEmailOtpState |
Determines whether email OTP is usable by external users for authentication. Possible values are: default, enabled, disabled, unknownFutureValue. Tenants in the default state who did not use public preview will automatically have email OTP enabled beginning in October 2021. |
| Property |
Type |
Description |
| id |
String |
The authentication method policy identifier. |
| isAttestationEnforced |
Boolean |
Determines whether attestation must be enforced for FIDO2 security key registration. |
| isSelfServiceRegistrationAllowed |
Boolean |
Determines if users can register new FIDO2 security keys. |
| keyRestrictions |
fido2KeyRestrictions |
Controls whether key restrictions are enforced on FIDO2 security keys, either allowing or disallowing certain key types as defined by Authenticator Attestation GUID (AAGUID), an identifier that indicates the type (e.g. make and model) of the authenticator. |
| state |
authenticationMethodState |
Possible values are: enabled, disabled. |
| Property |
Type |
Description |
| id |
String |
The authentication method policy identifier. |
| state |
authenticationMethodState |
Possible values are: enabled, disabled. |
| Property |
Type |
Description |
| id |
String |
The authentication method policy identifier. |
| state |
authenticationMethodState |
Possible values are: enabled, disabled. |
| Property |
Type |
Description |
| authenticationMethodsRegistrationCampaign |
authenticationMethodsRegistrationCampaign |
Run campaigns to remind users to set up targeted authentication methods. |
| Property |
Type |
Description |
| id |
String |
The authentication method policy identifier. |
| state |
authenticationMethodState |
Possible values are: enabled, disabled. |
| Property |
Type |
Description |
| id |
String |
The authentication method policy identifier. |
| minimumLifetimeInMinutes |
Int |
Minimum lifetime in minutes for any temporaryAccessPass created in the tenant. Value can be between 10 and 43200 minutes (equivalent to 30 days). |
| maximumLifetimeInMinutes |
Int |
Maximum lifetime in minutes for any temporaryAccessPass created in the tenant. Value can be between 10 and 43200 minutes (equivalent to 30 days). |
| defaultLifetimeInMinutes |
int |
Default lifetime, in minutes, for a temporaryAccessPass. Value can be between the minimumLifetimeInMinutes and maximumLifetimeInMinutes. |
| defaultLength |
int |
Default length, in characters, of a temporaryAccessPass, between 8 and 48 characters. |
| isUsableOnce |
Boolean |
If true, all the passes in the tenant will be restricted to one-time use. If false, passes in the tenant can be created to be either one-time use or multiple time use. |
| state |
authenticationMethodState |
Possible values are: enabled, disabled. |